
6 matches found

Vulnrichment
added 2026/06/10 9:47 p.m., 8 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

CVSS 7.7 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 3
Cvelist
added 2026/06/10 9:47 p.m., 26 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

CVSS 7.7 | EPSS 0.00555
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/28 10:29 p.m., 14 views

Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

CVSS 7.7 | AI score 6.3 | EPSS 0.00555
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2026/05/28 10:29 p.m., 8 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ProcessMergeDriver command. An attacker can execute arbitrary commands by crafting malicious file paths that are substituted into the merge driver command and executed with shell privileges when a victim merges...

CVSS 7.7 | AI score 6 | EPSS 0.00555
Exploits: 0 | References: 2
OSV
added 2022/05/24 10:00 p.m., 66 views

GHSA-Q98C-RQX7-7GHF Improper handling of untrusted branches in Gitea Jenkins Plugin

Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 7.5 | AI score 7.5 | EPSS 0.02135
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/24 10:00 p.m., 26 views

Improper handling of untrusted branches in Gitea Jenkins Plugin

Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

CVSS 7.5 | AI score 3.5 | EPSS 0.02135
Exploits: 0 | References: 6 | Affected Software: 1